authorStef Walter <stef@thewalter.net>2013-07-08 16:56:40 +0200
committerStef Walter <stef@thewalter.net>2013-07-08 17:00:19 +0200
commit2c4f5ed657976d868c33f0ddf430477ee2bf0191 (patch)
tree2a278879f974691ae31be0853bb9313fb5d36a7f /trust
parent03787ae83b1911118a7a689c4817bbce1e74dabd (diff)
trust: Explicitly specify which formats parser should parse
Diffstat (limited to 'trust')
-rw-r--r--trust/parser.c69
-rw-r--r--trust/parser.h18
-rw-r--r--trust/tests/test-module.c2
-rw-r--r--trust/tests/test-parser.c10
-rw-r--r--trust/token.c2
5 files changed, 73 insertions, 28 deletions
diff --git a/trust/parser.c b/trust/parser.c
index 0d250fc..3d5bae7 100644
--- a/trust/parser.c
+++ b/trust/parser.c
@@ -59,6 +59,7 @@
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
+#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@@ -70,6 +71,7 @@ struct _p11_parser {
p11_persist *persist;
char *basename;
p11_array *parsed;
+ p11_array *formats;
int flags;
};
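Review bot: The new `formats` array in `struct _p11_parser` has no matching release visible in this diff. `p11_parser_formats` allocates it with `p11_array_new`, but no hunk touches `p11_parser_free`. Unless it is freed in code outside these hunks, every parser leaks the array when it is destroyed; adding `p11_array_free (parser->formats);` to `p11_parser_free` would close that. The struct definition begins above the hunk.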
@@ -166,10 +168,10 @@ certificate_attrs (p11_parser *parser,
return p11_attrs_build (NULL, &klass, &modifiable, &certificate_type, &value, id, NULL);
}
-static int
-parse_der_x509_certificate (p11_parser *parser,
- const unsigned char *data,
- size_t length)
+int
+p11_parser_format_x509 (p11_parser *parser,
+ const unsigned char *data,
+ size_t length)
{
char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
CK_BYTE idv[ID_LENGTH];
@@ -583,7 +585,7 @@ on_pem_block (const char *type,
int ret;
if (strcmp (type, "CERTIFICATE") == 0) {
- ret = parse_der_x509_certificate (parser, contents, length);
+ ret = p11_parser_format_x509 (parser, contents, length);
} else if (strcmp (type, "TRUSTED CERTIFICATE") == 0) {
ret = parse_openssl_trusted_certificate (parser, contents, length);
@@ -597,10 +599,10 @@ on_pem_block (const char *type,
p11_message ("Couldn't parse PEM block of type %s", type);
}
-static int
-parse_pem_certificates (p11_parser *parser,
- const unsigned char *data,
- size_t length)
+int
+p11_parser_format_pem (p11_parser *parser,
+ const unsigned char *data,
+ size_t length)
{
int num;
@@ -612,10 +614,10 @@ parse_pem_certificates (p11_parser *parser,
return P11_PARSE_SUCCESS;
}
-static int
-parse_p11_kit_persist (p11_parser *parser,
- const unsigned char *data,
- size_t length)
+int
+p11_parser_format_persist (p11_parser *parser,
+ const unsigned char *data,
+ size_t length)
{
CK_BBOOL modifiablev = CK_TRUE;
CK_ATTRIBUTE *attrs;
@@ -648,13 +650,6 @@ parse_p11_kit_persist (p11_parser *parser,
return ret ? P11_PARSE_SUCCESS : P11_PARSE_FAILURE;
}
-static parser_func all_parsers[] = {
- parse_p11_kit_persist,
- parse_pem_certificates,
- parse_der_x509_certificate,
- NULL,
-};
-
p11_parser *
p11_parser_new (p11_asn1_cache *asn1_cache)
{
@@ -693,6 +688,31 @@ p11_parser_parsed (p11_parser *parser)
return parser->parsed;
}
+void
+p11_parser_formats (p11_parser *parser,
+ ...)
+{
+ p11_array *formats;
+ parser_func func;
+ va_list va;
+
+ formats = p11_array_new (NULL);
+ return_if_fail (formats != NULL);
+
+ va_start (va, parser);
+ for (;;) {
+ func = va_arg (va, parser_func);
+ if (func == NULL)
+ break;
+ if (!p11_array_push (formats, func))
+ return_if_reached ();
+ }
+ va_end (va);
+
+ p11_array_free (parser->formats);
+ parser->formats = formats;
+}
+
int
p11_parse_memory (p11_parser *parser,
const char *filename,
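Review bot: The failure branch in the loop, `return_if_reached ();` after a failed `p11_array_push`, returns without calling `va_end` and without freeing the newly allocated `formats` array. The function also dereferences `parser` at the end without the `return_if_fail (parser != NULL)` style guard that `p11_parse_memory` applies to its arguments. Because the function returns void, a caller cannot tell that the list was not installed; the first sign is the `parser->formats != NULL` precondition failing on the next parse. Cleaning up on that path keeps the failure from also leaking.

```c
	return_if_fail (parser != NULL);
	/* … unchanged: allocate formats, va_start, fetch next func … */
		if (!p11_array_push (formats, func)) {
			/* Release what was built so far before reporting the failure */
			va_end (va);
			p11_array_free (formats);
			return_if_reached ();
		}
	/* … unchanged: va_end, swap the new array into parser->formats … */
```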
@@ -706,18 +726,15 @@ p11_parse_memory (p11_parser *parser,
return_val_if_fail (parser != NULL, P11_PARSE_FAILURE);
return_val_if_fail (filename != NULL, P11_PARSE_FAILURE);
+ return_val_if_fail (parser->formats != NULL, P11_PARSE_FAILURE);
p11_array_clear (parser->parsed);
base = p11_path_base (filename);
parser->basename = base;
parser->flags = flags;
- for (i = 0; all_parsers[i] != NULL; i++) {
- ret = (all_parsers[i]) (parser, data, length);
-
- if (ret != P11_PARSE_UNRECOGNIZED)
- break;
- }
+ for (i = 0; ret == P11_PARSE_UNRECOGNIZED && i < parser->formats->num; i++)
+ ret = ((parser_func)parser->formats->elem[i]) (parser, data, length);
p11_asn1_cache_flush (parser->asn1_cache);
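Review bot: The rewritten loop tests `ret == P11_PARSE_UNRECOGNIZED` before any parser has run, so it depends on `ret` being initialised to that value at its declaration, which is above this hunk and not visible here. If the declaration is a plain `int ret;`, the condition reads an indeterminate value and the function may skip every format; it should read `int ret = P11_PARSE_UNRECOGNIZED;`. Separately, `i < parser->formats->num` may compare a signed index with an unsigned count (both types are declared outside the hunk), which is worth checking under `-Wsign-compare`.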
diff --git a/trust/parser.h b/trust/parser.h
index f956fb9..59cc378 100644
--- a/trust/parser.h
+++ b/trust/parser.h
@@ -34,9 +34,8 @@
#include "asn1.h"
#include "array.h"
+#include "compat.h"
#include "dict.h"
-#include "index.h"
-#include "pkcs11.h"
#ifndef P11_PARSER_H_
#define P11_PARSER_H_
@@ -71,4 +70,19 @@ int p11_parse_file (p11_parser *parser,
p11_array * p11_parser_parsed (p11_parser *parser);
+void p11_parser_formats (p11_parser *parser,
+ ...) GNUC_NULL_TERMINATED;
+
+int p11_parser_format_persist (p11_parser *parser,
+ const unsigned char *data,
+ size_t length);
+
+int p11_parser_format_pem (p11_parser *parser,
+ const unsigned char *data,
+ size_t length);
+
+int p11_parser_format_x509 (p11_parser *parser,
+ const unsigned char *data,
+ size_t length);
+
#endif /* P11_PARSER_H_ */
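Review bot: The new `p11_parser_formats` prototype has no comment stating its contract, which callers now need because `p11_parse_memory` fails its precondition until a format list is set. I would add above it something like `/* Set the formats to try, in the order given; arguments are p11_parser_format_* functions terminated by NULL. Must be called before p11_parse_file or p11_parse_memory. */`. The arguments travel through `...` unchecked by the compiler, and `GNUC_NULL_TERMINATED` only covers the sentinel, so the comment should also say that only `parser_func`-compatible functions may be passed.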
diff --git a/trust/tests/test-module.c b/trust/tests/test-module.c
index f1813a3..33cdd48 100644
--- a/trust/tests/test-module.c
+++ b/trust/tests/test-module.c
@@ -160,6 +160,7 @@ setup_writable (void *unused)
test.cache = p11_asn1_cache_new ();
test.parser = p11_parser_new (test.cache);
+ p11_parser_formats (test.parser, p11_parser_format_persist, NULL);
}
static void
@@ -1108,6 +1109,7 @@ test_create_and_write (void)
/* The expected file name */
path = p11_path_build (test.directory, "yay.p11-kit", NULL);
+ p11_parser_formats (test.parser, p11_parser_format_persist, NULL);
ret = p11_parse_file (test.parser, path, 0);
assert_num_eq (ret, P11_PARSE_SUCCESS);
free (path);
diff --git a/trust/tests/test-parser.c b/trust/tests/test-parser.c
index c8cac03..09ec71c 100644
--- a/trust/tests/test-parser.c
+++ b/trust/tests/test-parser.c
@@ -117,6 +117,7 @@ test_parse_der_certificate (void)
{ CKA_INVALID },
};
+ p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der",
P11_PARSE_FLAG_NONE);
assert_num_eq (P11_PARSE_SUCCESS, ret);
@@ -144,6 +145,7 @@ test_parse_pem_certificate (void)
{ CKA_INVALID },
};
+ p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.pem",
P11_PARSE_FLAG_NONE);
assert_num_eq (P11_PARSE_SUCCESS, ret);
@@ -170,6 +172,7 @@ test_parse_p11_kit_persist (void)
{ CKA_INVALID },
};
+ p11_parser_formats (test.parser, p11_parser_format_persist, NULL);
ret = p11_parse_file (test.parser, SRCDIR "/input/verisign-v1.p11-kit",
P11_PARSE_FLAG_NONE);
assert_num_eq (P11_PARSE_SUCCESS, ret);
@@ -222,6 +225,7 @@ test_parse_openssl_trusted (void)
int ret;
int i;
+ p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3-trusted.pem",
P11_PARSE_FLAG_ANCHOR);
assert_num_eq (P11_PARSE_SUCCESS, ret);
@@ -305,6 +309,7 @@ test_parse_openssl_distrusted (void)
* OpenSSL style is to litter the blacklist in with the anchors,
* so we parse this as an anchor, but expect it to be blacklisted
*/
+ p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
ret = p11_parse_file (test.parser, SRCDIR "/files/distrusted.pem",
P11_PARSE_FLAG_ANCHOR);
assert_num_eq (P11_PARSE_SUCCESS, ret);
@@ -344,6 +349,7 @@ test_parse_anchor (void)
CK_ATTRIBUTE *cert;
int ret;
+ p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der",
P11_PARSE_FLAG_ANCHOR);
assert_num_eq (P11_PARSE_SUCCESS, ret);
@@ -373,6 +379,7 @@ test_parse_thawte (void)
{ CKA_INVALID },
};
+ p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
ret = p11_parse_file (test.parser, SRCDIR "/files/thawte.pem",
P11_PARSE_FLAG_NONE);
assert_num_eq (P11_PARSE_SUCCESS, ret);
@@ -393,6 +400,7 @@ test_parse_invalid_file (void)
p11_message_quiet ();
+ p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
ret = p11_parse_file (test.parser, "/nonexistant",
P11_PARSE_FLAG_NONE);
assert_num_eq (P11_PARSE_FAILURE, ret);
@@ -407,6 +415,7 @@ test_parse_unrecognized (void)
p11_message_quiet ();
+ p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
ret = p11_parse_file (test.parser, SRCDIR "/files/unrecognized-file.txt",
P11_PARSE_FLAG_NONE);
assert_num_eq (P11_PARSE_UNRECOGNIZED, ret);
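Review bot: None of the updated tests in this file exercises the restriction the commit introduces; each one enables exactly the format its input file already has. A case that enables only `p11_parser_format_x509` and then parses `SRCDIR "/files/cacert3.pem"` would pin that a disabled format is not accepted (presumably `P11_PARSE_UNRECOGNIZED`, to be confirmed against how the DER parser treats PEM input). A second case that calls `p11_parse_file` on a parser with no formats set would cover the new `parser->formats != NULL` precondition, if the test harness tolerates precondition failures. The body of test_parse_unrecognized extends beyond this hunk.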
@@ -423,6 +432,7 @@ test_parse_no_asn1_cache (void)
parser = p11_parser_new (NULL);
assert_ptr_not_null (parser);
+ p11_parser_formats (parser, p11_parser_format_x509, NULL);
ret = p11_parse_file (parser, SRCDIR "/files/cacert3.der", P11_PARSE_FLAG_NONE);
assert_num_eq (P11_PARSE_SUCCESS, ret);
diff --git a/trust/token.c b/trust/token.c
index e9bcf44..77ff739 100644
--- a/trust/token.c
+++ b/trust/token.c
@@ -637,6 +637,8 @@ p11_token_new (CK_SLOT_ID slot,
token->parser = p11_parser_new (p11_builder_get_cache (token->builder));
return_val_if_fail (token->parser != NULL, NULL);
+ p11_parser_formats (token->parser, p11_parser_format_pem,
+ p11_parser_format_x509, p11_parser_format_persist, NULL);
token->loaded = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free);
return_val_if_fail (token->loaded != NULL, NULL);
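Review bot: The format order passed here (pem, x509, persist) differs from the order of the removed `all_parsers` table (persist, pem, x509), and `p11_parse_memory` stops at the first parser that returns anything other than `P11_PARSE_UNRECOGNIZED`. If any parser reports `P11_PARSE_FAILURE` for input that a later format would accept, the reorder changes which token files load. If the new order is deliberate, a one-line comment saying why would help; otherwise keep the previous one: `p11_parser_formats (token->parser, p11_parser_format_persist, p11_parser_format_pem, p11_parser_format_x509, NULL);`. The call returns void, so an allocation failure inside it is not caught by the surrounding `return_val_if_fail` checks; p11_token_new continues outside the hunk.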